Security News > 2021 > August > Microsoft: Evasive Office 365 phishing campaign active since July 2020
Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020.
The ongoing phishing campaign lures targets into handing over their Office 365 credentials using invoice-themed XLS.HTML attachments and various information about the potential victims, such as email addresses and company logos.
"In the case of this phishing campaign, these attempts include using multilayer obfuscation and encryption mechanisms for known existing file types, such as JavaScript. Multilayer obfuscation in HTML can likewise evade browser security solutions," Microsoft added.
Com; if the logo is not available, this segment loads the Microsoft Office 365 logo instead. Segment 3 - A script that loads an image of a blurred document, indicating that sign-in has supposedly timed out.
"During our year-long investigation of [this] targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation and skill to constantly evade detection and keep the credential theft operation running," Microsoft added.
Microsoft alo warned in March of phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December 2020 and expanded to abuse new legitimate services to bypass secure email gateways.